6 matches found
CVE-2018-0114
creationtimestamp| type| source ---|---|--- 2023-08-02 10:00:03+00:00| seen| https://t.me/ptsoft/21 2023-08-02 10:00:03+00:00| seen| https://t.me/ptsoft/12 2024-10-11 07:45:56+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/64 2025-01-28 13:54:03+00:00|...
@financialforcedev/orizuru-auth (=3.0.4), @kognifai/oidc-provider-fork (=2.5.1) +7 more potentially affected by CVE-2018-0114 via node-jose (=0.10.0)
node-jose NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-jose and may be impacted: - @financialforcedev/orizuru-auth =3.0.4 - @kognifai/oidc-provider-fork =2.5.1 - @kognifai/poseidon-dev-host =2.0.0, =0.0.1, =2.4.0, =1.16.0,...
Cisco node-jos Resign Tokens Proof Of Concept
import base64 import urllib import rsa import sys zi0Black ''' POC of CVE-2018-0114 Cisco node-jose 0.11.0 Created by Andrea Cappa aka @zi0Black GitHub,Twitter,Telegram Mail: [email protected] Site: https://zioblack.xyz A special thanks to Louis Nyffenegger, the founder of PentesterLab, for al...
Cisco node-jos < 0.11.0 - Re-sign Tokens Exploit
Exploit for multiple platform in category web applications import base64 import urllib import rsa import sys zi0Black ''' POC of CVE-2018-0114 Cisco node-jose 0.11.0 Created by Andrea Cappa aka @zi0Black GitHub,Twitter,Telegram Mail: email protected Site: https://zioblack.xyz A special thanks to...
Cisco node-jos < 0.11.0 - Re-sign Tokens
!/usr/bin/env python3 import base64 from urllib.parse import quoteplus import rsa import sys zi0Black ''' EDB Note: This has been updated https://github.com/offensive-security/exploitdb/pull/139 POC of CVE-2018-0114 Cisco node-jose = 8 return b::-1 def generateheaderpayloadpayload,pubkey: create...
CVE-2018-0114
CVE-2018-0114 affects the Cisco node-jose library prior to 0.11.0. The flaw arises when a JSON Web Signature (JWS) header can carry a JWK (public key) that is then trusted for verification. An unauthenticated, remote attacker could forge valid JWS objects by removing the original signature, inser...